3 matches found
SUSE CVE-2016-4055
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service CPU consumption via a long string, aka a "regular expression Denial of Service ReDoS."...
GHSA-87VV-R9J6-G5QV Regular Expression Denial of Service in moment
Versions of moment prior to 2.11.2 are affected by a regular expression denial of service vulnerability. The vulnerability is triggered when arbitrary user input is passed into moment.duration. Proof of concept var moment = require'moment'; var genstr = function len, chr var result = ""; for i=0;...
Joyent Node.js moment denial of service vulnerability
Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A denial of service vulnerability exists in Joyent Node.js moment due to a failure of the moment.duration function to check input, allowing remote attackers to submit special regular expressions for denial...